Security: a couple of questions
janpla, Jun 20 2012 — edited Jun 22 2012

I have been given the task of adding security to a Java EE ver 6 application running on GlassFish 3. I have spent some time studying the basic concepts, but I am still a bit raw - and the task is not exactly typical either, I think.
The application has a number of forms that interact with MySQL tables as well as some that interact with a system called STAF, which has features for user authentication. I have to use the STAF authentication to authenticate users for the entire application.
Authentication in STAF works like this:
First you create a STAFHandle (a Java class).
Next you authenticate your STAFHandle with a user ID and password.
Then you use the STAFHandle to send off STAF commands.
Thus, the STAFHandle is very central; as far as I understand it, I should be able to access this authentication mechanism through JAAS by creating a LoginModule (?), but is there a way to preserve the STAFHandle for the use of the rest of the application? Or am I wildly off the mark here?
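
An added example, not part of the original post: a plain JAAS LoginModule that authenticates in login() and keeps the resulting session object as a private credential of the Subject in commit(), so later code can reuse it. StafSession and StafAuthenticator are hypothetical stand-ins for the STAFHandle steps described in the post, and the static authenticator field is an assumption about how the module is wired up.

```java
import java.util.Arrays;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
// Hypothetical types, not STAF classes: a wrapper around an authenticated
// STAFHandle, and a factory that creates and authenticates it or throws.
interface StafSession { void close(); }
interface StafAuthenticator { StafSession authenticate(String user, char[] pw) throws LoginException; }

public class StafLoginModule implements LoginModule {
    static StafAuthenticator authenticator;  // assumption: set at application start-up
    private Subject subject;
    private CallbackHandler handler;
    private StafSession session;             // held between login() and commit()
    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        subject = s; handler = h;
    }
    public boolean login() throws LoginException {
        NameCallback name = new NameCallback("STAF user: ");
        PasswordCallback pass = new PasswordCallback("STAF password: ", false);
        try {
            handler.handle(new Callback[] { name, pass });
        } catch (Exception e) {
            throw new LoginException("cannot read credentials: " + e);
        }
        char[] pw = pass.getPassword();      // a copy; wiped in the finally block
        try {
            session = authenticator.authenticate(name.getName(), pw);
        } finally {
            pass.clearPassword();
            if (pw != null) Arrays.fill(pw, '\0');
        }
        return true;
    }
    public boolean commit() {
        if (session == null) return false;   // login() did not succeed
        subject.getPrivateCredentials().add(session);  // preserved for later STAF commands
        return true;
    }
    public boolean abort() { return logout(); }
    public boolean logout() {
        if (session != null) {
            subject.getPrivateCredentials().remove(session);
            session.close();                 // release the handle with the login session
            session = null;
        }
        return true;
    }
}
```

Code holding the authenticated Subject can read the session back with `subject.getPrivateCredentials(StafSession.class)`. Registering the module with a GlassFish realm is not shown here.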